Cyber spy groups moving towards using supply chain attacks

ANI | Updated: Oct 19, 2017 13:25 IST

New Delhi [India], Oct.19 (ANI): A senior researcher at the Moscow-based Kaspersky Lab Global Research and Analysis Team (GReAT) has warned that cyber espionage groups are no longer after data alone: they are also attacking financial institutions in the Asia-Pacific (APAC) region for money.

In an interview given to ANI on the sidelines of the third annual APAC Cyber Security Weekend, held recently in Phuket, Thailand, on the theme "Cyberespionage in APAC: A Real Threat", Yury Namestnikov, Head of the lab's research and analysis center in Moscow, Russia, said cyber criminals operating in the Asia-Pacific region are now targeting banks and other financial institutions for monetary gain.

He said active Advanced Persistent Threat (APT) groups have successfully breached financial institutions in Malaysia, South Korea, Indonesia, the Philippines, China (Hong Kong), Bangladesh, and Vietnam.

"This year, we have monitored the tectonic shift in APT actors' behavior. These groups, which were initially data-hungry, are now going beyond traditional cyber espionage. They added money-stealing to their attack menu as they hunt for vulnerable banks in the Asia Pacific (APAC) region which they can infect mostly through the rising epidemic," said Namestnikov.

He said that in 2017, Kaspersky Lab has been able to monitor active APT actors in the region, namely the infamous Lazarus group and the Cobalt Goblin group, another group that uses Carbanak-style attacks.

Lazarus is the cyber gang believed to be behind massive breaches including the Sony Pictures hack in 2014 and the multi-million-dollar cyber robbery against the Central Bank of Bangladesh last year. The group is known for compromising servers belonging to banks and governments and using them as command-and-control (C&C) launchpads for its malicious campaigns.

Carbanak made headlines in 2014 for the USD one billion bank heists in Russia, Ukraine, Germany, and China, dubbed "The Great Bank Robbery".

The group infiltrated its victims' networks through spear-phishing emails carrying infected Word documents that exploited known vulnerabilities. With remote and covert access to the systems, the attackers gained control of the banks' ATMs or websites and collected a significant amount of money.

The degree of sophistication of the tools, and the skilled manpower behind these groups, suggest that some of them are state-sponsored actors.

"Actors are switching towards using legitimate software instead of deploying unique malicious programs, which can allow them to perform the attack stealthily. Also, they have the ability to penetrate networks through supply chain attacks: in the last three months, there were four huge incidents of a similar pattern. In terms of monetisation, it could be attacks against ATM infrastructure, SWIFT servers or databases with transactions and debit/credit card information. They are undoubtedly investing time, money, and effort so they can have a good Return on Investment (ROI). So far, we can assume that cyber criminals are earning good ROI when attacking financial institutions in the region," added Namestnikov.

Namestnikov told ANI that the attackers are mainly targeting banks, ATMs and Bitcoin, but added that the exact monetary losses from attacks on financial institutions in APAC are unconfirmed as of this time.

He said that some of these attackers are sponsored by nation-state groups and actors, and that they use ransomware as a payload. He said Kaspersky Lab researchers have been able to foil breaches before financial firms lost their money.

To protect enterprises from sophisticated financial threats, the lab recommends a solution such as its Kaspersky Anti-Targeted Attack Platform, which lets businesses detect targeted attacks and other malicious activity through careful monitoring of network, web, and email activity.

Kaspersky Lab also highlights the importance of threat intelligence to keep financial institutions knowledgeable on the latest trends of threats against banks.

Kaspersky Lab has a portfolio of "Threat Intelligence" services designed to mitigate massive attacks by providing enterprises with insights on the latest, constantly emerging threats currently targeting businesses around the world.

Namestnikov said there is an urgent need to invest more; to educate people; to act on information about security threats; to keep the multiple technologies in use up to date; and to secure networks and keep them separated.

"All players need to be involved and must avoid bad behavior in social engineering. There is no way you can build a 100 percent secure system. There must be instant responses and you need to log everything, as attackers have a lot of time and also the required budget to carry out their attacks," Namestnikov said.

When asked specifically about what steps need to be taken in the future, Namestnikov listed five key points:

- Ensure proper registration and up-to-date standards and guidelines, so that fewer problems arise

- Ensure consistent auditing and information sharing

- Collect information on security talent, as it is the need of the hour

- Invest money in cyber security to cut down on losses

- Go digital, as it is good for the economy and good for livelihoods

He emphasized that there is a challenge out there in the cyber world and reiterated that everything stays forever on the Internet.

Kaspersky Lab is celebrating its 20th anniversary this year, and its deep threat intelligence and security expertise is constantly being turned into security solutions and services that protect businesses, critical infrastructure, governments and consumers around the globe.

The company's comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats.

Over 400 million users are protected by Kaspersky Lab technologies, and the company protects 270,000 corporate clients.

By Ashok Dixit (ANI)